path: root/src/tls/tls_extensions.cpp
Commit log for this file. Each entry: author, date (files changed, lines -/+), then the commit message.
* lloyd, 2012-08-06 (1 file, -18/+6):
  Use unique_ptr in Server_Kex_Exchange and Extensions
* lloyd, 2012-06-18 (1 file, -0/+5):
  Make TLS::Channel::send non-virtual as neither Client nor Server needed to derive from it. Add a new overload of send taking a std::string for convenience (eg client.send("GET / HTTP/1.0\n\r")).

  Let Channel::renegotiate's force_full_renegotiation argument default to false.

  Fix a bug where if we negotiated TLS v1.2 and our Policy was configured to only use MD5 we would send an empty allowed signatures which is maybe bogus or maybe just ambiguous (RFC is unclear, though we reject in this case). To fix this, support putting MD5 in the signature algorithms extension, and then in choose_sig_format order first by our hash preference, and only allow hashes that are allowed by policy. Thus if a client claims to support both SHA-2 and MD5 we'll choose SHA-2 even if the client put MD5 first (some versions of GnuTLS ordered the list backwards due to a bug, so this is actually a useful behavior).
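The hash selection the commit above describes, as an added C++ example that is not Botan's code: the signature_algorithms list is decoded with a length check, and the hash is chosen by walking our own policy order so that a client-supplied ordering (MD5 first) cannot demote us. HashAlg, SigAlg, Policy, choose_sig_hash and the sample extension bytes are assumptions made for this example.

```cpp
// Added example, not Botan's code: pick a TLS 1.2 signature hash by OUR
// preference order, filtered by policy, so the client's ordering cannot
// push us onto a weaker hash. Policy, HashAlg and SigAlg are hypothetical.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// HashAlgorithm / SignatureAlgorithm code points, RFC 5246 section 7.4.1.4.1
enum class HashAlg : uint8_t { none = 0, md5 = 1, sha1 = 2, sha224 = 3, sha256 = 4, sha384 = 5, sha512 = 6 };
enum class SigAlg : uint8_t { anonymous = 0, rsa = 1, dsa = 2, ecdsa = 3 };

struct SigHashPair {
   HashAlg hash;
   SigAlg sig;
};

// Hypothetical policy: the hashes we are willing to use, most preferred first.
struct Policy {
   std::vector<HashAlg> allowed_hashes;
};

// Decode the signature_algorithms extension body: uint16 list_length, then
// list_length/2 pairs of (hash, sig) bytes. Throws if the length field
// disagrees with the bytes actually present.
std::vector<SigHashPair> decode_signature_algorithms(const std::vector<uint8_t>& body) {
   if(body.size() < 2)
      throw std::runtime_error("signature_algorithms: truncated length field");
   const size_t list_len = (static_cast<size_t>(body[0]) << 8) | body[1];
   if(list_len % 2 != 0 || list_len + 2 != body.size())
      throw std::runtime_error("signature_algorithms: bad list length");
   std::vector<SigHashPair> out;
   for(size_t i = 2; i + 1 < body.size(); i += 2)
      out.push_back({static_cast<HashAlg>(body[i]), static_cast<SigAlg>(body[i + 1])});
   return out;
}

bool signature_algorithms_well_formed(const std::vector<uint8_t>& body) {
   try { decode_signature_algorithms(body); return true; }
   catch(const std::runtime_error&) { return false; }
}

// Encode what we advertise: each policy hash crossed with each signature type.
// An empty list is refused rather than sent, since peers treat it inconsistently.
std::vector<uint8_t> encode_signature_algorithms(const Policy& policy, const std::vector<SigAlg>& sigs) {
   std::vector<uint8_t> list;
   for(HashAlg h : policy.allowed_hashes)
      for(SigAlg s : sigs) {
         list.push_back(static_cast<uint8_t>(h));
         list.push_back(static_cast<uint8_t>(s));
      }
   if(list.empty())
      throw std::runtime_error("policy allows no signature hashes");
   std::vector<uint8_t> body = {static_cast<uint8_t>(list.size() >> 8), static_cast<uint8_t>(list.size() & 0xFF)};
   body.insert(body.end(), list.begin(), list.end());
   return body;
}

// Choose the hash to sign with for signature type `sig`: walk our own
// preference list and take the first entry the client also offered.
// Returns HashAlg::none when the client offered nothing policy allows.
HashAlg choose_sig_hash(const Policy& policy, const std::vector<SigHashPair>& offered, SigAlg sig) {
   for(HashAlg h : policy.allowed_hashes) {
      const bool client_has = std::any_of(offered.begin(), offered.end(),
                                          [&](const SigHashPair& p) { return p.hash == h && p.sig == sig; });
      if(client_has)
         return h;
   }
   return HashAlg::none;
}

// Worked run on constructed input: the client lists MD5 before SHA-256 (the
// reversed ordering mentioned above); with a SHA-2-first policy we still pick SHA-256.
HashAlg demo_choice_sha2_policy() {
   const std::vector<uint8_t> body = {0x00, 0x04, 0x01, 0x01, 0x04, 0x01};  // (md5,rsa), (sha256,rsa)
   const Policy policy{{HashAlg::sha256, HashAlg::sha1}};
   return choose_sig_hash(policy, decode_signature_algorithms(body), SigAlg::rsa);
}

// The client offers only (md5,rsa) and policy permits no MD5: nothing is chosen.
HashAlg demo_choice_md5_only_client() {
   const std::vector<uint8_t> body = {0x00, 0x02, 0x01, 0x01};
   const Policy policy{{HashAlg::sha256}};
   return choose_sig_hash(policy, decode_signature_algorithms(body), SigAlg::rsa);
}
```

The caller-side rule of thumb: the peer's list is a set of what it accepts, never an ordering we follow; preference order is always ours.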
* lloyd, 2012-05-18 (1 file, -1/+1):
  Replace 0 and NULL pointer constants with nullptr. Also fix an old style cast in secmem.h
* lloyd, 2012-05-18 (1 file, -17/+17):
  Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* lloyd, 2012-04-25 (1 file, -1/+2):
  Huge pile of post-merge fixups, mtn really fucked that merge
* lloyd, 2012-04-16 (1 file, -0/+3):
  Add support for TLS heartbeats (RFC 6520). Heartbeat initiations from the peer are automatically responded to. TLS::Channel::heartbeat can initiate a new heartbeat if the peer allows it. Heartbeat replies are passed back to the application processing function with an Alert value of HEARTBEAT_PAYLOAD (a 'fake' value, 256, which is out of range of the valid TLS alert space), along with the sent payload.

  The RFC requires us to have no more than one heartbeat 'in flight' at a time, ie without getting a response (or a timeout in the case of DTLS). Currently we do not prevent an application from requesting more.
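RFC 6520 heartbeat handling as an added C++ example, not the library's code: the parser enforces that payload_length never exceeds what the record actually carries (RFC 6520 section 4 says such a message is discarded silently), the responder echoes only well-formed requests, and the initiator enforces the one-in-flight rule the commit notes is not yet enforced. HeartbeatInitiator, the helper names and the constructed records are assumptions for this example.

```cpp
// Added example, not Botan's code: RFC 6520 heartbeat framing with the
// length check the RFC requires, plus the one-in-flight rule on the
// initiator side. HeartbeatInitiator and all names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

enum class HeartbeatType : uint8_t { request = 1, response = 2 };

struct HeartbeatMessage {
   HeartbeatType type;
   std::vector<uint8_t> payload;
};

constexpr size_t HEARTBEAT_MIN_PADDING = 16;  // RFC 6520 section 4

// Parse one heartbeat record:
//   uint8 type, uint16 payload_length, payload[payload_length], padding[>=16]
// Returns false when the message must be discarded silently: unknown type,
// or a payload_length larger than the record actually carries.
bool parse_heartbeat(const std::vector<uint8_t>& rec, HeartbeatMessage& out) {
   if(rec.size() < 3 + HEARTBEAT_MIN_PADDING)
      return false;
   if(rec[0] != 1 && rec[0] != 2)
      return false;
   const size_t payload_len = (static_cast<size_t>(rec[1]) << 8) | rec[2];
   // The check: never trust payload_length beyond what was received.
   if(payload_len + 3 + HEARTBEAT_MIN_PADDING > rec.size())
      return false;
   out.type = static_cast<HeartbeatType>(rec[0]);
   out.payload.assign(rec.begin() + 3, rec.begin() + 3 + payload_len);
   return true;
}

std::vector<uint8_t> encode_heartbeat(HeartbeatType type, const std::vector<uint8_t>& payload) {
   if(payload.size() + 3 + HEARTBEAT_MIN_PADDING > 16384)
      throw std::invalid_argument("heartbeat does not fit in one TLS record");
   std::vector<uint8_t> rec;
   rec.push_back(static_cast<uint8_t>(type));
   rec.push_back(static_cast<uint8_t>(payload.size() >> 8));
   rec.push_back(static_cast<uint8_t>(payload.size() & 0xFF));
   rec.insert(rec.end(), payload.begin(), payload.end());
   // Padding is random in a real stack; zeros here so the example is deterministic.
   rec.insert(rec.end(), HEARTBEAT_MIN_PADDING, 0x00);
   return rec;
}

// Responder: echo the payload of a well-formed request; an empty result means "discarded".
std::vector<uint8_t> respond_to_heartbeat(const std::vector<uint8_t>& rec) {
   HeartbeatMessage msg;
   if(!parse_heartbeat(rec, msg) || msg.type != HeartbeatType::request)
      return {};
   return encode_heartbeat(HeartbeatType::response, msg.payload);
}

// Initiator: refuses a second request while one is outstanding, and accepts
// a response only if it echoes the payload we sent.
class HeartbeatInitiator {
   public:
      bool start(const std::vector<uint8_t>& payload, std::vector<uint8_t>& rec_out) {
         if(m_in_flight)
            return false;
         m_expected = payload;
         m_in_flight = true;
         rec_out = encode_heartbeat(HeartbeatType::request, payload);
         return true;
      }

      bool handle_response(const std::vector<uint8_t>& rec) {
         HeartbeatMessage msg;
         if(!m_in_flight || !parse_heartbeat(rec, msg))
            return false;
         if(msg.type != HeartbeatType::response || msg.payload != m_expected)
            return false;
         m_in_flight = false;
         return true;
      }

      bool in_flight() const { return m_in_flight; }

   private:
      bool m_in_flight = false;
      std::vector<uint8_t> m_expected;
};

// Worked run over constructed input: a legitimate round trip, including a
// refused second request while the first is still outstanding.
bool demo_round_trip_ok() {
   HeartbeatInitiator hb;
   std::vector<uint8_t> req;
   if(!hb.start({'p', 'i', 'n', 'g'}, req))
      return false;
   std::vector<uint8_t> dummy;
   if(hb.start({'x'}, dummy))  // second in-flight request must be refused
      return false;
   return hb.handle_response(respond_to_heartbeat(req)) && !hb.in_flight();
}

// A request whose payload_length (0x4000) far exceeds the 5 bytes actually sent is dropped.
bool demo_oversized_length_discarded() {
   std::vector<uint8_t> bogus = {0x01, 0x40, 0x00, 'h', 'e', 'l', 'l', 'o'};
   bogus.insert(bogus.end(), HEARTBEAT_MIN_PADDING, 0x00);
   return respond_to_heartbeat(bogus).empty();
}
```

The responder copies exactly payload_length bytes, but only after proving those bytes exist inside the record; the claimed length is never used as a read size on its own.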
* lloyd, 2012-04-04 (1 file, -4/+9):
  Limit the lifetime of tickets to Policy::session_ticket_lifetime() seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced.

  Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager?

  Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello.

  Add Session::session_age and Session_Manager::session_lifetime
* lloyd, 2012-03-22 (1 file, -2/+2):
  Server side handling of session tickets, though currently with a hard-coded key.
* lloyd, 2012-03-20 (1 file, -1/+1):
  Basic protocol message flow for session tickets
* lloyd, 2012-03-19 (1 file, -0/+6):
  Small fixes, cleanups
* lloyd, 2012-03-16 (1 file, -29/+264):
  propagate from branch 'net.randombit.botan.tls-state-machine' (head c24b5d6b012131b177d38bddb8b06d73f81f70c4) to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)
  * lloyd, 2012-01-27 (1 file, -0/+3):
    Add client-side support for PSK kex. Tested against OpenSSL.
  * lloyd, 2012-01-26 (1 file, -1/+1):
    Make Alert a first class object ala Version. Move the alert codes into the Alert class for namespacing.
  * lloyd, 2012-01-24 (1 file, -15/+0):
    Send the supported elliptic curves extension. Instead of hardcoding the values let policy specify them.

    Also choose an ECC curve for server kex from the client hello. Choice is via policy, default implementation is to choose the first curve the client supports out of the server's preference list.
  * lloyd, 2012-01-24 (1 file, -9/+5):
    Expose the named curve ID/string conversion functions, needed for server key exchange
  * lloyd, 2012-01-23 (1 file, -9/+13):
    Since this branch is hugely API breaking already, go ahead and put everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything.
  * lloyd, 2012-01-23 (1 file, -0/+2):
    Have the client key exchange examine the server key exchange message directly (if it was sent), so that the client implementation doesn't have to know what key exchange mechanisms we actually support.

    Return a value in ECC curves extension serialization method.
  * lloyd, 2012-01-22 (1 file, -14/+142):
    Basic outline of the supported curves extension from RFC 4492
  * lloyd, 2012-01-20 (1 file, -4/+4):
    Fix decoding of signature_algorithms if we say something we don't recognize
  * lloyd, 2012-01-20 (1 file, -5/+2):
    Strangely you can negotiate using only MD5 in TLS 1.2. Just ignore it entirely if we see it.
  * lloyd, 2012-01-20 (1 file, -15/+0):
    Instead of using a hardcoded value for signature_algorithms, go with policy. Only functional change here from before is we now send DSA with SHA-2. This is fine, OpenSSL does it as well and while the spec says to wait until NIST comes up with a way to prevent hash impersonation, it doesn't really make sense to avoid possible hash substitution attacks by using the weakest available hash...
  * lloyd, 2012-01-20 (1 file, -64/+54):
    TLS_Ciphersuite_Algos was just a strange level of indirection between the ciphersuite code and a set of strings specifying the underlying suite algorithms. Remove it entirely.

    Some things are likely broken. One I know about is that we always send the hash/signature type indicator but should only do so for TLS >= 1.2
  * lloyd, 2012-01-20 (1 file, -7/+12):
    Many fixes for TLS 1.2 though some things in particular client auth remain broken. New interface for querying the TLS extensions, much cleaner.
  * lloyd, 2012-01-19 (1 file, -3/+3):
    Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a basic connection with a GnuTLS server does work.

    Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular).
  * lloyd, 2012-01-18 (1 file, -0/+139):
    Read only support for signature_algorithms extension used in TLS 1.2
* lloyd, 2012-01-11 (1 file, -0/+2):
  Outline of RFC 5077 session tickets
* lloyd, 2012-01-04 (1 file, -4/+4):
  As someone pointed out on the TLS list, NPN isn't really a negotiation per se, it's a notification by the client. Rename accordingly.
* lloyd, 2012-01-04 (1 file, -4/+0):
  Split hello.cpp into c_hello.cpp and s_hello.cpp

  Add support for NPN on the server side. Server is initialized with the list of protocols it wants to offer, once the handshake completes the client requested protocol is available via a getter.
* lloyd, 2012-01-04 (1 file, -1/+46):
  Add support for next protocol negotiation. Client only currently; tested with google.com:443
* lloyd, 2011-12-30 (1 file, -0/+1):
  Add a function for getting the version number of an active connection.

  Add a new callback that is called with the session info when a handshake completes. Currently only called on the server side as the client doesn't have session resumption yet.

  Rename CipherSuite to TLS_Cipher_Suite.
* lloyd, 2011-12-30 (1 file, -8/+51):
  Add support for the maximum fragment length extension. No hooks for it on the client side at the moment. Tested with gnutls-cli --recordsize.

  Save the fragment size and the secure renegotiation flags in the session state.
* lloyd, 2011-12-30 (1 file, -15/+46):
  Full support for renegotiation including RFC 5746 extensions for client and server. Server side can handle SCSV values as well, client always sends the extension instead.

  Handle an empty SNI extension coming back from the server - this is used to indicate that it understood the name.

  Also add better checking for extensions by passing in what the supposed size of the extension is.

  Only send the secure negotiation extension in the server hello if the client indicated support for it.
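The extension size checking and the RFC 5746 SCSV / renegotiation_info handling described in the commit above, as an added C++ example that is not Botan's code: every inner length is checked against the block that contains it, and the server-side check accepts the SCSV only on an initial handshake, rejects it during renegotiation, and requires the extension to echo the prior client verify_data when renegotiating. Reader, ClientHelloView, RenegCheck and the constructed hello bytes are assumptions for this example.

```cpp
// Added example, not Botan's code: a bounds-checked TLS extensions parser and
// the server side of the RFC 5746 renegotiation_info / SCSV rules.
// Reader, ClientHelloView and RenegCheck are hypothetical names.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <map>
#include <stdexcept>
#include <vector>

constexpr uint16_t EXT_RENEGOTIATION_INFO = 0xff01;
constexpr uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00ff;

// Every read is checked against the buffer handed in, so an extension body is
// always cut to the size its own header claims and never reads beyond it.
class Reader {
   public:
      explicit Reader(const std::vector<uint8_t>& buf) : m_buf(buf) {}
      size_t remaining() const { return m_buf.size() - m_pos; }
      uint8_t get_u8() { if(remaining() < 1) throw std::runtime_error("truncated field"); return m_buf[m_pos++]; }
      uint16_t get_u16() { const uint16_t hi = get_u8(); return static_cast<uint16_t>((hi << 8) | get_u8()); }
      std::vector<uint8_t> get_bytes(size_t n) {
         if(remaining() < n) throw std::runtime_error("truncated field");
         std::vector<uint8_t> out(m_buf.begin() + m_pos, m_buf.begin() + m_pos + n);
         m_pos += n;
         return out;
      }
   private:
      const std::vector<uint8_t>& m_buf;
      size_t m_pos = 0;
};

using ExtensionMap = std::map<uint16_t, std::vector<uint8_t>>;

// Extensions block: uint16 total length, then {uint16 type, uint16 len, body}...
// The total must match the bytes present exactly and each body must fit inside it.
ExtensionMap parse_extensions(const std::vector<uint8_t>& buf) {
   Reader r(buf);
   const size_t total = r.get_u16();
   if(total != r.remaining())
      throw std::runtime_error("extensions length does not match the hello");
   ExtensionMap out;
   while(r.remaining() > 0) {
      const uint16_t type = r.get_u16();
      const uint16_t len = r.get_u16();
      if(!out.emplace(type, r.get_bytes(len)).second)
         throw std::runtime_error("duplicate extension");
   }
   return out;
}

bool extensions_well_formed(const std::vector<uint8_t>& buf) {
   try { parse_extensions(buf); return true; }
   catch(const std::runtime_error&) { return false; }
}

// renegotiation_info body: opaque renegotiated_connection<0..255>
std::vector<uint8_t> parse_renegotiation_info(const std::vector<uint8_t>& body) {
   Reader r(body);
   const size_t n = r.get_u8();
   if(n != r.remaining())
      throw std::runtime_error("renegotiation_info length mismatch");
   return r.get_bytes(n);
}

struct ClientHelloView {
   std::vector<uint16_t> ciphersuites;
   ExtensionMap extensions;
};

enum class RenegCheck { secure, legacy_initial, reject };

// Server side of RFC 5746 sections 3.6 (initial handshake) and 3.7 (renegotiation).
// prior_client_verify is the client_verify_data of the connection being
// renegotiated; it is ignored on an initial handshake.
RenegCheck check_renegotiation(const ClientHelloView& ch, bool renegotiating,
                               const std::vector<uint8_t>& prior_client_verify) {
   const bool scsv = std::find(ch.ciphersuites.begin(), ch.ciphersuites.end(),
                               TLS_EMPTY_RENEGOTIATION_INFO_SCSV) != ch.ciphersuites.end();
   const auto ext = ch.extensions.find(EXT_RENEGOTIATION_INFO);
   if(!renegotiating) {
      if(ext == ch.extensions.end())  // the SCSV alone counts as an empty extension
         return scsv ? RenegCheck::secure : RenegCheck::legacy_initial;
      return parse_renegotiation_info(ext->second).empty() ? RenegCheck::secure : RenegCheck::reject;
   }
   // Renegotiating: the SCSV must be absent and the extension must echo our prior verify_data.
   if(scsv || ext == ch.extensions.end())
      return RenegCheck::reject;
   return parse_renegotiation_info(ext->second) == prior_client_verify ? RenegCheck::secure : RenegCheck::reject;
}

// Worked run over constructed hellos: initial handshakes with the SCSV, with an
// empty extension (block = total 5, type ff01, len 1, body 00) and with neither;
// then a renegotiation carrying a 12-byte prior verify_data (ff01, len 13, 0c || data).
bool demo_rfc5746_checks() {
   const std::vector<uint16_t> plain = {0x002f};
   const std::vector<uint16_t> with_scsv = {0x002f, TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
   const ExtensionMap empty_ext = parse_extensions({0x00, 0x05, 0xff, 0x01, 0x00, 0x01, 0x00});
   const std::vector<uint8_t> prior = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
   std::vector<uint8_t> block = {0x00, 0x11, 0xff, 0x01, 0x00, 0x0d, 0x0c};
   block.insert(block.end(), prior.begin(), prior.end());
   const ExtensionMap reneg_ext = parse_extensions(block);
   std::vector<uint8_t> wrong = prior;
   wrong[0] = static_cast<uint8_t>(wrong[0] ^ 0xff);
   return check_renegotiation({with_scsv, {}}, false, {}) == RenegCheck::secure
       && check_renegotiation({plain, empty_ext}, false, {}) == RenegCheck::secure
       && check_renegotiation({plain, {}}, false, {}) == RenegCheck::legacy_initial
       && check_renegotiation({plain, reneg_ext}, true, prior) == RenegCheck::secure
       && check_renegotiation({plain, reneg_ext}, true, wrong) == RenegCheck::reject
       && check_renegotiation({with_scsv, reneg_ext}, true, prior) == RenegCheck::reject;
}
```

Whether to accept legacy_initial (a client with neither SCSV nor extension) is a policy decision; the check only reports it, so the caller can refuse such clients or allow them and later deny renegotiation.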
* lloyd, 2011-12-30 (1 file, -0/+2):
  Many renegotiation fixes. Add support for the secure renegotiation extension (client side only at the moment). Add an interface that allows applications to request renegotiation.
* lloyd, 2011-12-29 (1 file, -9/+13):
  About half an implementation of RFC 5746
* lloyd, 2011-12-29 (1 file, -0/+150):
  Add support for sending server name indicator in client hello

  Add support for sending and reading the SRP identifier extension.

  Add some helper classes for managing TLS extensions.

  Add ciphersuite codes for SRP key exchange.